Department of Computer Science and Software Engineering
University of Wisconsin
Internet geolocation is the process of locating a host device to the real world location of
There are many uses for geolocation
marketing, default language detection,
lanation of a
location techniques as well as some of the
used to find a
location of a
device is stationary or mobile.
A few ways that these geolocation techniques
is also provided
such as proxies and software l
A simple example of
counter evasion is also provided.
Internet Geolocation is the process of
finding the geographical
accessible network information
There are many
reasons that the
of a device
would be beneficial, such as
ncy services, financial
content delivery networks,
social networking sites
ys of locating a device
such as GPS or E911 services
the public switch
ed telephone network
ould be used
. As for mobile devices
different techniques w
ould be used
used such as frequency fingerprinting,
ireless access points. Many of these techniques described use the Internet Protocol Address
), and different routing numbers
a device to locate it. With the help
of companies like Google which provide
ways that a developer can locate a device very easily.
As well as companies like
Internet Corporation for Assigned Names
databases of related information.
P a g e
IP Address overview
computer in the world is assigned an
Internet Protocol (
This IP address
unique number given to a device that wishes
to connect to a network.
Numbers Authority (IANA)
. The IANA
blocks of IP address to
Internet Registries (RIRs) as shown
in Figure 1.
allocate smaller blocks
to Internet Service Providers (ISPs
and some large companies
an IP address to all of the devices in
network wanting to connect to the internet.
Regional Internet Registries[
Traditional Location Systems
Services that provide location have been around for many
During the late 20th century
public switched telephone network (PSTN)
circuit switched network to a
This allowed the calling line identity
of the endpoints
, also known as
the phone number
to be transmitted through the
For conventional fixed line telephony,
the association of the physical address to location only require
d the incorporation of a relatively
static database associating the phone number with the
known location to which the line serving
that address terminated.
A crucial example of this association is the emergency
function which allows someon
e to dial 911, for
the United States, and the system would find the
address of the caller and dispatch emergency services.
Other examples include caller id
as the ability to
call a nationwide number
would connect to a local business.
obile networks became more common place, this created problems for the
Mobile devices were able to move aroun
d within areas of coverage
, but th
phone number and
P a g e
physical address did not change in the PSTN.
This was resolved in 1996 when the Fede
Communications Commission (FCC)
, the E911 service,
that when a call
e to the 911 service the wireless service provider had to deliver the location of the caller
This was usually represented in geodetic
namely latitude and longitude
As time progressed the network equipment vendors found other ways to locate a mobile device
mobile network is made up of cell towers
such as air
interference timings a
The technique of using these measurements is called
Enhanced cell identity.
There is also radio frequency fingerprinting. Where signal
cross the coverage area,
usually in a grid pattern and stored in a database
location for a device is requested
signal strength of the cell towers in the area
is compared to
the values in the database
and the location is determined
With the recent addition of mobile devices
and how accessibl
e the internet has come,
are taking advantage
of the new possibilities. E
are also taking advantage of the new
possibilities to invent new services.
Services like Gowalla and Foursquare
information to create a location b
ased social network
. Where the user and friends of the user
in to locations using their mobile device
and interact with others
Web sites like Hulu
of the user to determine
if the user is in the right country
imit what content can
Usually this is to comply with licenses that
the owner of the content agree upon.
Companies like Google
to tailor a web search, advertisements and also
Many other websites commonly use a country
level location to
determine what language should be displayed.
Other sites like Google and CNN
user to a server that is closer
The term internet
address of the host
to determine the geographical
location of the user.
These locations are usually in the form of a civic address
tude and longitude
a few different techniques that
can be used to
a users location
Domain Name Service (DNS) queries
P a g e
a protocol that uses an IP address
, an Autonomous System (AS)
records from public whois database
provided by the RIRs
This service can be
by a c
ommand on a host
or from a remote host
A remote host can be used if it has the
network information that is to be located.
"whois google.com" would
return the information
pertaining to google.com.
Such as who and where the information was
Whois can be used in conjunction with an IP address to obtain information about that IP address.
P address of "
, the response to the command "whois
says that the
block of IP addresses is
Mediacom Communications Corp
. Which is located in
, New York
and is in the
i.e. North America
This technique would
locate this host
in Middletown, NY.
But the PC for this IP address is located in
ith this IP address
this technique is
. An issue with
ique is that not all IP addresses
located at or around the location of the
The data in the whois database
could submit false or incorrect data
An AS number is used by routing protocols like
r Gateway Protocol
. Each RIR
holds blocks of
AS numbers and organizations appl
y to their RIR to
RIPE also has a service for finding AS numbers.
with IP address of
, using the command "
" returns an AS
Using this with the whois command the organization that registered the AS
number can be found. In this example the command is "
AT&T Services, I
as the organization which is located in
technique would locate the host in Mi
. Recall that the location resolved to a
different city in the first example and
is nowhere close to Dubuque, IA
where the host is located.
For this technique
one issue is that not all IP addresses are located where the AS numbers where
registered. As with example one the whois databases may contain false or incorrect data
this technique did locate the IP address to the correct country
A domain name is used to represent
an IP address since humans remember series of
more easily than a series of digits.
There are utilities to perform reverse DNS lookups such as
"nslookup" for windows,
"dig" for UNIX systems, as well as a v
of web utilities.
also be used along with the whois command to
e the location of a particular host.
irst it must be determined if the
in question maps to a domain name. For that the
" shows that this IP address maps to
the domain name
"www.uwplatt.edu" as in Figure 2.
;; ANSWER SECTION:
addr.arpa. 900 IN PTR
P a g e
Figure 2: Excerpt from executing the command "dig
the IP address is known to resolve to the domain name "uwpla
. Next a command is
sent to the IANA whois server to determine what whois server is responsible for the "edu"
extension. For this the command "whois
is used and the response is
Then this new whois s
erver is used to find the information on the whole
domain name. For this the command "whois
Figure 3: Excerpt from running the command "whois
e that the spelling of "Technolgy"
is a spelling error from when the domain was registered.
In this example
the domain "uwplatt.edu" is located to
Platteville in Platteville, WI
this information it could be
that the domain is also locate
information is correct for the city, state, and country.
Some domain names
contain geographic codes that can be used
locate a h
ost. Such domain
names contain letters that
country or province
ample, a Google search for site:.ca returns only results
located in the .ca domain
, which is the
for Canada. In some cases,
extends to fi
ner granularity: .ab.ca is for
a, Canada; calgary.ab.ca is for
granularity beyond the country level cannot be expected
it is dependent on domain r
and even then
accuracy is suspect.
An example of this is the .tv domain
corresponds to the country
they do not restrict who can by a domain with the .tv
Sites like TWiT.tv provide entertainment and are not based in
If a company
doesn't want to go through the hassle of finding the devices location
and is willing
to pay there are som
e services that when given an IP address will return an
user with varying degrees of accuracy. A few providers of this service are
, and Google Location Service.
Some of these services require pa
but a company may be willing to pay for less
University of Wisconsin
Office of Information Technolgy
1 University Plaza
Platteville, WI 53818
P a g e
With more modern
and with the a
ddition of HTML5 as well as Application
Interfaces (APIs) such as
more accurate location
The W3C Geolocation API uses Google's Location Services
to locate a host
by retrieving network information such as an IP address from the web browser
Location Services uses many different techniques to detect the location of a host such as
and location using wireless networks
mobile devices Google uses
tower triangulation. Also the wireless internet hardware is used on the device to detect what
wireless access points can be seen
and that information is compared
to the wireless access point
data that Google Street View project has collected to determine the location of the device.
technique works best
in populated areas and not as well in rural areas since it uses wireless
wireless access points are more spread out so
obile devices, su
location services on the device that allows the user to select
what types of
techniques such as the
use of GPS or mobile networks to find a location.
A technique that won't be described in depth is the use of the Glo
bal Positioning System (GPS)
since many times the device may not have GPS hardware or the location
of the device is
where a GPS lock cannot be obtained. An example of this is an urban area like New York where
most of the sky is not visible.
and Counter Evasion
of Internet Geolocation
With any technology there is always
some way of getting around
that want or need to get around that technology
may be malicious
harmless. A malicious example would be credit
An example of something less
harmful would be
someone outside the Unite
d States would like to watch streaming video
content from another country.
One example of evading
is the use of a proxy server. A user connects to a
and any internet traffic they send or receive i
s sent through the proxy
server as in
P a g e
Figure 4: Example of a proxy server in between the clients and web servers.
Another evasion m
ethod is services like Tor.
Tor uses a system of relay computers located all
across the internet.
To create a private network p
athway with Tor, the user's software or client
incrementally builds a circuit of encrypted connections through relays on the network.
data sent from the user's computer the web
only sees the IP address of
the last relay o
r exit node.
What is unique about Tor is that after a
of time the
pathway is changed so
that the user may stay hidden to others. One drawback is that Tor only
works for TCP network streams
such as web browsing
A project that Tor created
This program is a cross
platform graphical interface for the Tor Network. This allows an easy
was to configure
, start, and stop Tor as well as providing some statistics for the current
Even though proxies an
d software like Tor pro
vide ways to bypass
me techniques of locating a
device, these ways can also be bypassed.
An example of a counter evasion technique is by
opening a non
. This allows the host IP address to be leaked out.
These can be
accomplished by let
ting web content to run such as Adobe Flash and Java applets
socket can be created with the "
an example of this is in Figure 5
any proxy settings set by the b
rowser and even set by the Java Control Panel.
igure 5: Code to bypass a proxy
based on reference
P a g e
Internet Geolocation is a
resource for any
Some of the techniques covered included traditional means such as the public switche
and radio frequency fingerprinting.
More modern means use internet network
information such as an IP address, a domain name, and routing numbers.
accessed public databases such as the whois database provided by IANA a
nd RIRs to help
decipher this data.
Along with companies that provide services such as Google
developers a way to access this data easily
With detection there
such as using a proxy or software such as Tor
some of the
network information so the host may remain anonymous.
Finally this article
to get around this evasion
by using web content such as Adobe Flash and Java
to gain access to
the network information tha
t was concealed.
Acton, R., Friess, N., & Aycock, J. (2007). Inverse geolocation: Worms with a sense
of direction. Performance, Computing, and Communications Conference, 2007.
IPCCC 2007. IEEE Internationa
Winterbottom, J., & Dawson, M. (2011). Internet geolocation and
based services. Communications Magazine, IEEE, 49(4), 102
] Google Location Service Retrieved from
Internet Corporation for Assigned Names and Numbers
Muir, J. A., & Oorschot, P. C. V. (2009). Internet geolocation: Eva
counterevasion. ACM Comput.Surv., 42(1), 4:1
Thorvaldsen, Ø. E. (2006). Geographical location of internet hosts using a multi
] Tor Project